When they first created phpSuExec in PHP v4 series,
the system would read local php.ini files for each user
but it was not a documented or supported feature and
we removed with the release of PHP v5 series.

Allowing users to write their own PHP.INI files is actually
a far greater security risk than not having phpSuExec
and is probably part of the reason that particular part
of phpSuExec was discontinued.

Also, phpSuExec is not needed at all if you are just simply
wanting to track programs that send out email. Exim itself
has a configuration option to log which scripts are sending
out email so even if they are sending email as 'nobody',
you still have logs showing which account actually sent the
mail and which script was used to send it.

It is not about just who is sending emails but how much is sending.
With phpsuexec the WHM config value set to 100 emails / hour let you send max 100 email per hour for each of your domain. Without phpsuexec this limit makes 100 emails per hour for all users on the server using php to send emails. So for me it is only one reason for using php with phpsuexec.
Anyway thanks for the info.

When they first created phpSuExec in PHP v4 series,
the system would read local php.ini files for each user
but it was not a documented or supported feature and
we removed with the release of PHP v5 series.

Click to expand...

To be exact, per-directory php.ini works still with 5.0.5 but the feature has been removed from 5.1.x.